Talk to us
1800 133 147
hello@loopiq.com.auMon-Fri: 8am-6pm AEST
Loop IQ
Login
Current as of 22 May 2026

Privacy Policy

Your privacy is important to us at Loop IQ. We respect your privacy regarding any information we may collect from you across our website.

At a glance

Loop IQ is, by design, a data collection business. We treat the lawful, transparent, proportionate and secure handling of personal information as central to how we operate.

We collect personal information only for purposes we communicate to you at or before collection, use it only for those purposes, retain it only for as long as required by law or as long as is reasonably necessary to fulfil our duties, and dispose of it securely when it is no longer needed.

This policy is aligned with the Australian Privacy Principles under the Privacy Act 1988 (Cth) and with the AICPA Trust Services Criteria for Privacy (SOC 2).

1. Purpose, Scope and Entitlement

Purpose

Loop IQ Holdings Pty Ltd and all Subsidiaries ("Loop IQ", "we", "us", "our") is committed to safeguarding the privacy and security of personal, sensitive and financial information in compliance with the Privacy Act 1988 (Cth) and its Australian Privacy Principles (APPs), the Notifiable Data Breaches scheme, the Spam Act 2003 (Cth), and the AICPA Trust Services Criteria for Privacy (SOC 2). Loop IQ is, by design, a data collection business: the lawful, transparent, proportionate and secure handling of personal information is central to how we operate.

This policy outlines Loop IQ's commitment to protecting the privacy of personal information relating to its employees, contractors, clients, end users, partners, vendors, sub-processors and other Stakeholders, and details how such information is collected, used, disclosed, stored, secured, retained and disposed of. All collection, use, disclosure and retention activities are carried out strictly in accordance with the specified purpose communicated to the individual at or before collection, and personal information is retained only for as long as required by law or as long as is reasonably necessary for the duties for which it was collected.

Scope

This policy applies to all personal information handled by Loop IQ, regardless of medium, format or location, and across all Loop IQ environments (production, staging, development, corporate). It applies to all employees and contractors of Loop IQ Holdings Pty Ltd and all Subsidiaries, as well as to clients and prospective clients, end users whose data is collected through services we provide, partners and resellers, vendors, sub-processors and any other third parties who handle personal information for or on behalf of Loop IQ.

Entitlement

This policy applies to all employees and contractors of Loop IQ Holdings Pty Ltd and all Subsidiaries, across all levels and departments, employee categories and contract types. It is binding on all third parties who collect, access, store, transmit or otherwise process personal information for or on behalf of Loop IQ, and compliance with this policy is a condition of engagement.

2. Policy Statement

This policy outlines the principles, controls and procedures governing the collection, use, disclosure, retention, security and disposal of personal information at Loop IQ Holdings Pty Ltd and all Subsidiaries, in respect of its employees, contractors, clients, end users, partners, vendors and other Stakeholders, ensuring that all personal information is treated lawfully, fairly, transparently, securely and only for the specified purpose for which it was collected, in accordance with applicable laws, regulations, contractual commitments and the AICPA Trust Services Criteria for Privacy.

3. Definitions

Personal Information Any information or opinion about an identified individual, or an individual who is reasonably identifiable, whether the information is true or recorded in a material form, including (without limitation) name, contact details, government identifiers, identification numbers, biometric data, geolocation data, device identifiers, online identifiers, employment records, financial information and inferences drawn from any of the foregoing.

Sensitive Information A subset of Personal Information that includes information about an individual's racial or ethnic origin, political opinions or memberships, religious or philosophical beliefs, trade union membership, sexual orientation or practices, criminal record, health, genetic or biometric information used for identification, and any other category of information designated as sensitive under applicable law.

Data Subject The identified or identifiable individual to whom Personal Information relates, including employees, contractors, clients, end users, partners, vendors, applicants and website visitors.

Data Controller The natural or legal person which, alone or jointly with others, determines the purposes and means of the processing of Personal Information.

Data Processor / Sub-Processor A natural or legal person which processes Personal Information on behalf of a Data Controller, including third-party service providers engaged by Loop IQ.

Data Processing Any operation or set of operations performed on Personal Information, whether or not by automated means, including collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure, alignment or combination, restriction, erasure or destruction.

Data Breach Any actual or suspected event that compromises the confidentiality, integrity or availability of Personal Information, including accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, Personal Information, whether or not it constitutes an "eligible data breach" under the Notifiable Data Breaches scheme.

Consent Any freely given, specific, informed and unambiguous indication of the Data Subject's wishes by which they, by a statement or by a clear affirmative action, signify agreement to the processing of Personal Information relating to them.

Specified Purpose The purpose, or set of purposes, communicated to the Data Subject at or before the point of collection of their Personal Information, for which Loop IQ is permitted to use or disclose that information.

Privacy Officer The individual appointed by Loop IQ to oversee privacy compliance, act as the principal contact point for Data Subjects and regulators, and lead the response to privacy inquiries, requests and incidents.

4. Compliance

Loop IQ complies with the Privacy Act 1988 (Cth) and the Australian Privacy Principles, the Notifiable Data Breaches scheme, the Spam Act 2003 (Cth), the Telecommunications Act 1997 (Cth), the Telecommunications (Interception and Access) Act 1979 (Cth), and all other applicable privacy and data protection laws in the jurisdictions in which we operate. Where Loop IQ acts as a Processor for clients subject to additional regimes (for example the EU/UK GDPR or the California Consumer Privacy Act), Loop IQ assists those clients in meeting their obligations through contractual commitments and operational controls.

5. Notice and Transparency

Loop IQ provides clear, concise and accessible notice to Data Subjects at or before the time Personal Information is collected. Notices identify Loop IQ as the collector, the categories of Personal Information being collected, the Specified Purpose, the intended recipients (including categories of sub-processors and overseas recipients), the legal basis for processing, the retention period or criteria, the consequences (if any) of failing to provide the information, and the rights available to the Data Subject. Where Personal Information is collected indirectly, Loop IQ takes reasonable steps to ensure equivalent notice has been provided or, where appropriate, provides such notice itself.

6. Choice and Consent

Where consent is the lawful basis for collection or processing, Loop IQ obtains consent that is freely given, specific, informed and unambiguous, and records that consent in an auditable manner. Separate consent is obtained for the collection or use of Sensitive Information, for direct marketing, and for any secondary use of Personal Information that goes beyond the Specified Purpose.

You can change your mind. Data Subjects may withdraw consent at any time, without detriment, by contacting our Privacy Officer. Withdrawal does not affect the lawfulness of processing carried out before withdrawal.

7. What We Collect

Depending on the relationship and the Specified Purpose, Loop IQ may collect:

  • Identification and contact information (name, business address, email, phone, job title, employer);
  • Account and authentication information (usernames, hashed credentials, multi-factor authentication tokens, session identifiers);
  • Service usage information (logs, audit trails, telemetry, device and browser identifiers, IP addresses, geolocation derived from IP);
  • Client and end-user data submitted to or processed through Loop IQ services in accordance with client instructions;
  • Commercial information (transaction history, billing and payment records, contractual records);
  • Recruitment and employment information (resumes, references, qualifications, right-to-work documentation, performance records, payroll and superannuation details, leave records);
  • Sensitive Information where strictly necessary and with consent (for example, health information for workplace adjustments);
  • Communications (emails, support tickets, recorded calls where notice has been given) and any inferences reasonably drawn from the foregoing.

8. How We Use Your Information

We use your personal information to fulfil contractual, legal and legitimate business interests consistent with the Specified Purpose. This includes, without limitation, providing and improving the Loop IQ service, fulfilling contractual obligations to clients, performing data collection and analytics activities specified to clients, managing accounts and billing, recruitment decisions, employment management, performance assessments, compliance with health and safety obligations, complying with legal and regulatory obligations, and protecting the security and integrity of our systems.

Personal information is used only for the Specified Purpose, for a directly related secondary purpose that the individual would reasonably expect, or where another lawful basis applies (such as consent, a legal obligation, the establishment, exercise or defence of legal claims, or a permitted general situation under the APPs).

9. Data Minimisation and Accuracy

Loop IQ collects and retains only the personal information that is adequate, relevant and limited to what is necessary for the Specified Purpose, and takes reasonable steps to ensure that the personal information we hold is accurate, up to date, complete and not misleading, having regard to the purpose for which it is used. Data Subjects may request correction of their information at any time.

10. Data Security and Confidentiality

Loop IQ implements layered technical, administrative and physical safeguards, calibrated to the sensitivity of the information and the risks of processing, to protect personal information against unauthorised access, disclosure, alteration, loss or destruction. Controls include (without limitation):

  • Encryption of personal information in transit (TLS) and at rest;
  • Identity and access management with role-based access control, least-privilege provisioning and periodic access reviews;
  • Multi-factor authentication for all personnel and privileged systems, and managed device controls;
  • Network segmentation, firewalling, intrusion detection and centralised logging and monitoring;
  • Vulnerability management, patching, secure software development practices and independent penetration testing;
  • Vendor risk management, including security and privacy due diligence prior to onboarding and on an ongoing basis;
  • Personnel screening (where lawful), confidentiality undertakings and mandatory privacy and security awareness training;
  • Documented incident response, business continuity and disaster recovery plans tested at least annually;
  • Regular internal and independent audits, including those conducted in connection with SOC 2 (Privacy) certification.

11. Sub-Processors and Third Parties

Loop IQ performs privacy and security due diligence on prospective sub-processors and service providers prior to onboarding and on an ongoing basis, and executes written agreements that flow down obligations consistent with this policy and applicable law, including obligations of confidentiality, data security, breach notification, audit, sub-processor management, retention and secure disposal. A current list of material sub-processors is maintained and is available to clients on request, and clients are given reasonable advance notice of changes where required by contract.

12. Data Sharing and Transfer

We do not sell personal information.

Personal information is not shared with third parties or transferred to jurisdictions without adequate data protection safeguards in place, except where required or authorised by law. Categories of recipients may include:

  • Clients to whom we provide services (in respect of end-user data processed on their behalf);
  • Vetted sub-processors and service providers;
  • Professional advisors (lawyers, accountants, auditors, insurers) under duties of confidentiality;
  • Regulators, law enforcement and courts, where disclosure is required, authorised or compelled by law;
  • A successor entity in connection with a merger, acquisition, financing, reorganisation or sale of assets.

Where Loop IQ discloses personal information to a recipient located outside Australia, Loop IQ takes such steps as are reasonable in the circumstances to ensure that the overseas recipient does not breach the APPs in relation to the information.

13. Sensitive Information

We handle Sensitive Information with additional protection and use it only for specific, lawful purposes consistent with the Specified Purpose (for example, employment-related purposes such as workplace adjustments, leave management or compliance with workplace health and safety obligations). Sensitive Information is subject to enhanced access controls, encryption, logging and need-to-know restrictions, and is retained only for as long as the underlying purpose requires.

14. Direct Marketing

Loop IQ engages in direct marketing only where permitted by the Privacy Act and the Spam Act 2003 (Cth). Marketing communications include a clear, functional unsubscribe mechanism. You may opt out of receiving direct marketing communications at any time by following the instructions in the relevant communication or by contacting our Privacy Officer.

15. Cookies and Online Tracking

Loop IQ's websites and platforms may use cookies, pixels and similar technologies to operate the service, remember preferences, measure usage and improve performance. Where required by law, Loop IQ obtains consent for non-essential cookies and provides controls allowing you to manage your preferences. Loop IQ does not knowingly engage in tracking for purposes incompatible with the Specified Purpose.

16. Automated Decision-Making and Profiling

Where Loop IQ uses automated processing, including profiling, in a manner that produces legal or similarly significant effects on an individual, Loop IQ provides meaningful information about the logic involved and the significance and envisaged consequences of such processing, and ensures that the individual has the right to obtain human intervention, to express their point of view and to contest the decision.

17. Children's Information

Loop IQ's services are not directed to children. Loop IQ does not knowingly collect personal information from individuals under the age of majority in their jurisdiction without the consent of a parent or guardian. Where such collection is identified, the information is deleted promptly unless lawful authority for retention exists.

18. Retention and Secure Disposal

Loop IQ retains personal information only for as long as is required by law or as long as is reasonably necessary for the duties for which it was collected. Retention periods are documented in our Data Retention Schedule, which takes into account the nature of the information, the Specified Purpose, contractual commitments to clients, applicable statutes of limitation, and obligations under (among others) the Privacy Act 1988 (Cth), the Fair Work Act 2009 (Cth), the Corporations Act 2001 (Cth), the Income Tax Assessment Acts, the A New Tax System (Goods and Services Tax) Act 1999 (Cth) and the Telecommunications (Interception and Access) Act 1979 (Cth).

Once personal information is no longer required for any lawful purpose, Loop IQ destroys or de-identifies it using methods designed to render the information irretrievable, including secure deletion of electronic records, cryptographic erasure of encryption keys, and physical destruction of hardcopy records. Where end-of-engagement deletion or return obligations apply under client agreements, those obligations are honoured in accordance with the relevant agreement.

19. Your Rights

Subject to applicable law, you have the right to:

  • Be informed about the collection and use of your personal information;
  • Request access to the personal information Loop IQ holds about you;
  • Request correction of information that is inaccurate, out of date, incomplete, irrelevant or misleading;
  • Request deletion or de-identification where retention is no longer required by law or for a Specified Purpose;
  • Request restriction of, or object to, certain types of processing;
  • Request portability of certain information in a structured, commonly used and machine-readable format;
  • Withdraw consent where consent is the lawful basis for processing;
  • Lodge a complaint with Loop IQ and, if dissatisfied, with the Office of the Australian Information Commissioner (OAIC) or another competent supervisory authority.

We will respond to verified rights requests without undue delay and, in any event, within 30 days. We may need to verify your identity before acting on a request and may decline or modify a request to the extent permitted by law.

20. Data Breach Notification

Loop IQ maintains a documented Data Breach Response Plan. In the event of a data breach involving personal information, Loop IQ will assess the incident promptly and, where the incident is likely to result in serious harm to any individual whose personal information is involved (and is therefore an "eligible data breach" under the Notifiable Data Breaches scheme), notify the OAIC and affected individuals as soon as practicable in accordance with Part IIIC of the Privacy Act 1988 (Cth). Loop IQ will also notify clients of breaches affecting their data in accordance with applicable contractual obligations and timelines, and take prompt remedial action to contain the breach, eradicate its cause and prevent recurrence.

21. Privacy by Design

Loop IQ embeds privacy considerations into the design and operation of its products, services and internal processes from the outset. New initiatives, material changes to existing processing activities and engagements with new sub-processors are subject to a Privacy Impact Assessment proportionate to the risk, the outcomes of which are documented and acted upon under the oversight of the Privacy Officer.

22. Changes to This Policy

This Privacy Policy is reviewed at least annually by the Privacy Officer, and more frequently where warranted by changes in applicable law, regulatory guidance, business activities, technology, the threat environment, audit findings or material incidents. Material amendments are approved by Loop IQ's executive management. The current version supersedes all prior versions; the "Last updated" date at the top of this document reflects when this version took effect.

Contact Us

For questions, complaints, or to exercise a privacy right, contact our Privacy Officer:

Email: privacy@loopiq.com.au

Post: Loop IQ Holdings Pty Ltd

Attention: Privacy Officer

If you are not satisfied with our response, you may lodge a complaint with the Office of the Australian Information Commissioner at oaic.gov.au.